Aleksei Ivanov

Arbitrary rules & password difficulty

xkcd had a great comic on this topic, but to recap its idea: over the years we came up with numerous ways to produce passwords that are difficult to remember and hard to type, yet still insecure.

Moreover, we have sites and applications that demand that we come up with passwords conforming to their absurd and arbitrary sense of validity.

No, you cannot use special characters!

Oh, but you must use special characters!

Capital letters are important!

None of this has a positive effect: it is irritating and—what's worse—it makes passwords less secure.

Therefore, I want to show you how easy it is to come up with a difficult password that is not hard to remember.

You pick three random common words.

That's it. You glue them together — that's enough.

The difficulty of the password is not determined by the number of "special characters" in it, or by the most convoluted positioning of digits. You simply pick slightly longer words—6 letters instead of 4—and that is enough to make cracking take a couple of decades longer (Yes, really. No, I have not verified the exact timing).
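To make the "pick random words" advice concrete, here is an added example (my own code, not part of the original post or of any tool it mentions). It draws words with the `secrets` module, and it computes the entropy of a passphrase as `words × log2(list size)`, which is the quantity that actually matters when the words are chosen at random. The word list embedded here is a constructed sample built from the post's own examples; the 7,776-entry list size and the 10 billion guesses/second rate used in the demo are assumptions standing in for a real diceware-style list and a realistic offline cracking rig, not figures from the post.

```python
import math
import secrets

# Constructed sample list (taken from the words in this post). In practice you
# would use a published list of several thousand words, e.g. a diceware list.
SAMPLE_WORDS = [
    "whenever", "consider", "strange", "loan", "discover", "poem", "electric",
    "always", "manage", "discomfort", "get", "just", "goat", "park",
    "satisfaction", "bury", "milk", "dear", "bone", "pity",
]


def generate_passphrase(words, count=3, rng=secrets):
    """Glue `count` words chosen uniformly at random from `words`.

    `rng` only needs a `.choice()` method; the default is the CSPRNG-backed
    `secrets` module, which is what you want for real passwords.
    """
    chosen = [rng.choice(words) for _ in range(count)]
    return "".join(word.capitalize() for word in chosen)


def entropy_bits(choices_per_symbol, symbols):
    """Entropy of `symbols` independent uniform picks from `choices_per_symbol`."""
    return symbols * math.log2(choices_per_symbol)


def words_needed_for_bits(list_size, target_bits):
    """Smallest number of words from a list of `list_size` reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def apply_policy_prefix(passphrase, prefix="1!"):
    """Satisfy a 'must contain a digit and a symbol' rule with a fixed prefix.

    A constant prefix is known to any attacker who knows the scheme, so it
    adds exactly zero bits of entropy; it is only there to placate the form.
    """
    return prefix + passphrase


def guess_time_years(bits, guesses_per_second):
    """Expected time to find the password by brute force (half the keyspace)."""
    expected_guesses = 2 ** (bits - 1)
    seconds = expected_guesses / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    DICEWARE_SIZE = 7776          # assumed size of a real word list
    RATE = 1e10                   # assumed offline guessing rate, guesses/second

    print("sample passphrase:", apply_policy_prefix(generate_passphrase(SAMPLE_WORDS)))

    for n_words in (3, 4, 5):
        bits = entropy_bits(DICEWARE_SIZE, n_words)
        print(f"{n_words} random words from {DICEWARE_SIZE}: {bits:.1f} bits, "
              f"~{guess_time_years(bits, RATE):.3g} years at {RATE:.0e} guesses/s")

    # Caveat: a truly random 8-character password over 72 symbols is also strong;
    # the gain from words is memorability, not magic.
    rand8 = entropy_bits(72, 8)
    print(f"8 random chars from 72 symbols: {rand8:.1f} bits")
    print("words needed to reach 50 bits:", words_needed_for_bits(DICEWARE_SIZE, 50))
```

The computation makes the post's point precise: entropy grows by `log2(list size)` per word regardless of how the words are spelled, and a fixed `1!` prefix changes nothing, so the arithmetic is the same whether the form wants it or not. It also shows the honest caveat that three words from a 7,776-word list give roughly 39 bits, so if you are protecting something against an offline attacker with a fast rig, four or five words is the comfortable choice.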

As for the case when an annoying banking app asks you to include a "special" character or "at least one digit", just prepend "1!". That's what I do — it does not matter and it does not affect security.

It is basically virtual bureaucracy.

Here are some ideas:

WheneverConsiderStrange
LoanDiscoverPoemElectric
AlwaysManageDiscomfort
GetJustGoatParkSatisfaction
BuryMilkDearBonePity

Any of these is much more secure than @w3rty1!, and you can easily build an association with it — remember that you can pick any words you want and nobody would guess them anyway.

How did I come up with these, you might ask?

Why, there is a handy tool at correcthorsebatterystaple.net built by JVDL.

And remember, when the software you are using starts whining like a spoiled child, just append 1! to the password (or remove it, if you keep it on by default).